[clamav-users] Signatures Published daily - 24589

Subject update appears to be empty. -Al- -- Al Varnell Mountain View, CA smime.p7s Description: S/MIME cryptographic signature ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-user

Re: [clamav-users] Signatures once again 2 days old

We have a new cvd building now. We do have an alert system, but the alert system, for some reason didn’t email us the alert. We’re looking into that. Sent from my iPhone > On Mar 18, 2018, at 12:07, Andy Schmidt wrote: > > This has become a regular occurrence - but since no one else has me

[clamav-users] Signatures once again 2 days old

This has become a regular occurrence - but since no one else has mentioned it... according to the automated alerts I am receiving for MY server, the signature updating seems to be stuck again. The "up to date daily.cld" is now 40 hours old. Sun Mar 18 11:42:02 2018 -> ClamAV update process start

Re: [clamav-users] Signatures in md5sum not in sha256sum

> On 11 Sep 2017, at 1:01 pm, Joel Esler (jesler) wrote: > > Reported them to bugzilla? Nope - in your announcement email (copied & abbreviated below) you asked us to provide feedback via the list: > On 4 Aug 2017, at 12:04 am, Joel Esler (jesler) wrote: > > ClamAV 0.99.3 beta has been rele

Re: [clamav-users] Signatures in md5sum not in sha256sum

Reported them to bugzilla? Sent from my iPhone On Sep 11, 2017, at 5:35 AM, Mark Allan mailto:markjal...@gmail.com>> wrote: On 8 Sep 2017, at 5:32 pm, Joel Esler (jesler) mailto:jes...@cisco.com>> wrote: We don't have a slated date yet. We've had about 6000 downloads of the beta package an

Re: [clamav-users] Signatures in md5sum not in sha256sum

> On 8 Sep 2017, at 5:32 pm, Joel Esler (jesler) wrote: > > We don’t have a slated date yet. We’ve had about 6000 downloads of the beta > package and no reported bugs so far. > > > So far, so good. That's not entirely true; I reported at least three bugs. Mark _

Re: [clamav-users] Signatures in md5sum not in sha256sum

I also tracked down a problem with False Positives that I personally reported to ClamXAV support that was passed on and received this response from Steve Morgan: > Thanks, we are also observing these same FP's in our testing. They are on the > roadmap for 0.99.3. -Al- On Fri, Sep 08, 2017 at

Re: [clamav-users] Signatures in md5sum not in sha256sum

I'm aware of at least one bug was reported on the developer-list in mid-August and last I knew the patch was still not working. On Fri, Sep 08, 2017 at 09:32 AM, Joel Esler (jesler) wrote: > We don’t have a slated date yet. We’ve had about 6000 downloads of the beta > package and no reported bu

Re: [clamav-users] Signatures in md5sum not in sha256sum

We don’t have a slated date yet. We’ve had about 6000 downloads of the beta package and no reported bugs so far. So far, so good. -- Joel Esler | Talos: Manager | jes...@cisco.com On Sep 8, 2017, at 8:20 AM, Vijayakumar U mailto:vj1...@gmail.com>> wrote: When

Re: [clamav-users] Signatures in md5sum not in sha256sum

MD5 has been discredited (found insecure) a long time ago. Putting out *new* signatures with SHA256 shouldn't be all that hard. And just like some new sigs needing a recent version of ClamAV because of their content, SHA-signed sigs could demand a new ClamAV version. As far as a being a security i

Re: [clamav-users] Signatures in md5sum not in sha256sum

This is what I was expecting. Thanks for the reply. When can we expect the 99.3 stable release ? On Fri, Sep 8, 2017 at 5:01 PM, Alain Zidouemba wrote: > We are shipping sha256 signatures now. See contents of daily.hsb. We > are no longer shipping new hdb (md5) signatures. > > -Alain > > > On

Re: [clamav-users] Signatures in md5sum not in sha256sum

I'm not asking to update previously collected signatures. At-least from now on while adding new ones lets have it as sha256sum. On Fri, Sep 8, 2017 at 4:57 PM, Al Varnell wrote: > I'm struggling to understand how that would improve the DB? It's not a > security issue and it would seemingly invol

Re: [clamav-users] Signatures in md5sum not in sha256sum

We are shipping sha256 signatures now. See contents of daily.hsb. We are no longer shipping new hdb (md5) signatures. -Alain > On Sep 8, 2017, at 7:28 AM, Al Varnell wrote: > > I'm struggling to understand how that would improve the DB? It's not a > security issue and it would seemingly involve

Re: [clamav-users] Signatures in md5sum not in sha256sum

I'm struggling to understand how that would improve the DB? It's not a security issue and it would seemingly involve a ton of work to run all those samples again just to get a larger number which would require additional time to download and space to store the DB as well as in RAM. -Al- On Fri

[clamav-users] Signatures in md5sum not in sha256sum

Dear Team, Do we have any plans to maintain/update the signature DB with sha256sum? Is there any specific reason to maintain the signatures in md5sum format? Please clarify. -- Cheers, Vijay. ___ clamav-users mailing list clamav-users@lists.clamav.ne

[clamav-users] Signatures Published

An observation that in the last 24 hours, only one new signature has been posted in daily 23716. The next eight are all empty. I've also observed that there has been a marked drop-off in the number of signatures published since the end of May. I hardly ever see what look to be an automated upda

Re: [clamav-users] "Signatures Published" frequency

These are automated publish jobs. Right now, the signature system is processing at a comfortable level, and we’d prefer not to raise the rate of publish. -- Joel Esler Manager Talos Group http://www.talosintelligence.com > On Sep 1, 2016, at 4:42 AM, Axb w

[clamav-users] "Signatures Published" frequency

Atm, the ClamAV is publishing around 300 sigs or more every 4 hours. Why so many signatures only every four hours instead of frequently releasing much smaller batches. ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/cla

Re: [Clamav-users] Signatures for documents exploiting CVE-2009-0658?

Adam Stephens wrote: > The other day we got mailed a wave of PDF files aimed at exploiting > CVE-2009-0658. > > Does anyone have working generic signatures for documents with this > exploit in? I've made an MD5 signature* for the particular document we > got, & submitted it, but I know there are

[Clamav-users] Signatures for documents exploiting CVE-2009-0658?

The other day we got mailed a wave of PDF files aimed at exploiting CVE-2009-0658. Does anyone have working generic signatures for documents with this exploit in? I've made an MD5 signature* for the particular document we got, & submitted it, but I know there are plenty of other similar docum

Re: [Clamav-users] Signatures for LynxOS

Le mercredi 5 mars 2008 16:37, Tyler a écrit : > Does the CVD have signatures for LynxOS malware? Maybe this question should > be directed to the LynxOS site asking if Linux malware can run on LynxOS? I personnaly never had a LynxOS malware in my hand. If you got some then submit them to Clamav t

[Clamav-users] Signatures for LynxOS

Does the CVD have signatures for LynxOS malware? Maybe this question should be directed to the LynxOS site asking if Linux malware can run on LynxOS? _ Shed those extra pounds with MSN and The Biggest Loser! http://biggestloser.msn.c

[Clamav-users] signatures lost in 3118 Update

Hi, The Worm.Bagle.Gen-zippwd and Worm.Bagle.Gen-zippwd-2 virus signatures disappeared when the 3118 update was released. Files containing this virus are now only detected as a virus if Encrypted-Zip are marked as virus. There used to be 9 Worm.Bagle.Gen-zippwd* signatures. Now only Worm.Bagle

Re: [Clamav-users] signatures format docs

On Mon, 9 Apr 2007 16:50:02 +0200 Tomasz Kojm <[EMAIL PROTECTED]> wrote: > On Mon, 9 Apr 2007 18:03:18 +0400 > Anton Yuzhaninov <[EMAIL PROTECTED]> wrote: > > > Hello. > > > > docs/signatures.pdf specified two same wildcards for different purposes: > > > > a? Match high nibble (high four bits

Re: [Clamav-users] signatures format docs

On Mon, 9 Apr 2007 18:03:18 +0400 Anton Yuzhaninov <[EMAIL PROTECTED]> wrote: > Hello. > > docs/signatures.pdf specified two same wildcards for different purposes: > > a? Match high nibble (high four bits). IMPORTANT NOTE: Nibble > matching is only available in libclamav with the funct

[Clamav-users] signatures format docs

Hello. docs/signatures.pdf specified two same wildcards for different purposes: a? Match high nibble (high four bits). IMPORTANT NOTE: Nibble matching is only available in libclamav with the functionality level 15 therefore please only use it with .ndb signatures, each followed

Re: [Clamav-users] signatures in hex

Pankaj Gupta wrote: Hi, I am just curious as to how I can dump the signature contents of a .cvd in hex? Using "sigtool -list", I can see the virus names, but I wanted to see the actual hex signature of some of these virus names. How do I do that? Thanks sigtool --help sigtool --unpack=/

[Clamav-users] signatures in hex

Hi, I am just curious as to how I can dump the signature contents of a .cvd in hex? Using "sigtool -list", I can see the virus names, but I wanted to see the actual hex signature of some of these virus names. How do I do that? Thanks ___ http://lu

Re: [Clamav-users] Signatures

On Thu, 2004-12-16 at 12:39 +0100, Tomasz Kojm wrote: > On Wed, 15 Dec 2004 11:08:17 +0100 > Julio Canto <[EMAIL PROTECTED]> wrote: > > > Hello, > > I'm seeing from yesterday that the windows version (devel-20041205) of > > > > the clam scanner doesn't like very much the last daily.cvd file. I >

Re: [Clamav-users] Signatures

On Wed, 15 Dec 2004 11:08:17 +0100 Julio Canto <[EMAIL PROTECTED]> wrote: > Hello, > I'm seeing from yesterday that the windows version (devel-20041205) of > > the clam scanner doesn't like very much the last daily.cvd file. I > don't read any report, I just see it not responding :? Any clue abou

[Clamav-users] Signatures

Hello, I'm seeing from yesterday that the windows version (devel-20041205) of the clam scanner doesn't like very much the last daily.cvd file. I don't read any report, I just see it not responding :? Any clue about this? -- Regards, Julio Canto Hispasec Sistemas http://www.hispasec.com (+34)

Re: [Clamav-users] [signatures] How to use self-made signatures ?

On Tue, 24 Feb 2004 at 15:46:18 +0100, David Girardey wrote: > >> I'm testing signatures extraction with a 'home-made' virus : I extract > >> a piece of a binary file (jpeg file), and put it into a test.virus.db > > TP> No. First you must do a hex dump of the binary fragment. It's described > TP>

Re[2]: [Clamav-users] [signatures] How to use self-made signatures ?

Hello Tomasz, TP> On Tue, 24 Feb 2004 at 11:05:32 +0100, David Girardey wrote: >> >> I'm testing signatures extraction with a 'home-made' virus : I extract >> a piece of a binary file (jpeg file), and put it into a test.virus.db TP> No. First you must do a hex dump of the binary fragment. It's d

Re: [Clamav-users] [signatures] How to use self-made signatures ?

On Tue, 24 Feb 2004 at 11:05:32 +0100, David Girardey wrote: > > I'm testing signatures extraction with a 'home-made' virus : I extract > a piece of a binary file (jpeg file), and put it into a test.virus.db No. First you must do a hex dump of the binary fragment. It's described in the doc. > I

[Clamav-users] [signatures] How to use self-made signatures ?

Hi, I'm testing signatures extraction with a 'home-made' virus : I extract a piece of a binary file (jpeg file), and put it into a test.virus.db I use the creating signature manual to take a good string (size between 40 and 200, etc). I put this test.virus.db into my database directory (with dai

Re: [Clamav-users] [signatures extractions] with ClamAV?

Emmanuel Saracco wrote: hi, in the ClamAV tutorial for extracting signatures it is said to use HBEDV antivirus with sigtool for automatic extractions. is there another way? why not just using ClamAV for that? is it possible? You can't use clamav itself for that, because it doesn't know this virus

[Clamav-users] [signatures extractions] with ClamAV?

hi, in the ClamAV tutorial for extracting signatures it is said to use HBEDV antivirus with sigtool for automatic extractions. is there another way? why not just using ClamAV for that? is it possible? thanks, bye --- SF.Net is sponsored by:

Re: [clamav-users] signatures

Great document, but "you should have received ssh-keys and/or ftp passwords" Is this for the signature-update members only? I don't recall any passwords sent in this list (it shouldn't anyway). So basically others users still send virus samples to [EMAIL PROTECTED], right? Tomasz Kojm wrote:

[clamav-users] signatures

Quick introduction: http://clamav.elektrapro.com/doc/signatures.pdf Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED] (\/)\. http://www.konarski.edu.pl/~zolw \..._ I nie zapomnij kliknac w brzuszek... //\ /\\ <- C. Amboinen